I have not been writing on this blog for 2 years already. Now I checked back on my blog and realized that some people really do check my blog, and at least readers can get some knowledge from my blog.... as long as I feel happy. Now I would like to share again what the APIC (Cisco software-defined network) design and implementation considerations are, etc....
I have referenced this information from my training and some from white papers. Hope you guys enjoy. .... :)
Cisco APIC Leaf/Spine Architecture
The fabric is based on a leaf-and-spine architecture. Cisco ACI topologies have two types of functions: functions for leaf devices and functions for spine devices:
· Leaf devices: These devices have ports connected to Classic Ethernet devices (servers, firewalls, router ports, and so on)
· Spine devices: These devices exclusively interconnect leaf devices
The leaf is also the place where policies are applied to traffic. All leaf devices connect to all spine devices, and all spine devices connect to all leaf devices, but no direct connectivity is allowed between spine devices or between leaf devices.
The Cisco ACI fabric is a 40-Gbps IP fabric that supports routing to the edge (100-Gbps capable).
The Cisco ACI fabric is designed to provide a zero-touch operation experience with:
● A logically central but physically distributed controller for policy, bootstrap, and image management
● Easy startup with topology autodiscovery, automated configuration, and infrastructure addressing using industry-standard protocols: IS-IS, LLDP, and Dynamic Host Configuration Protocol (DHCP). After LLDP discovery, Cisco APIC learns all neighboring connections dynamically.
● A simple and automated policy-based upgrade process and automated image management
Cisco APIC
Cisco APIC is a physical server appliance on a Cisco UCS C220 M3 server with two 10 Gigabit Ethernet interfaces that must be connected to any two leaf switches. The Cisco Application Centric Infrastructure (ACI) fabric includes Cisco Nexus 9000 Series switches with the APIC to run in the leaf/spine ACI fabric mode. These switches form a "fat-tree" network by connecting each leaf node to each spine node; all other devices connect to the leaf nodes. The APIC manages the ACI fabric. The recommended minimum configuration for the APIC is a cluster of three replicated hosts. The APIC is the central point of management, but it is not a centralized control plane: the fabric keeps forwarding if the APIC cluster is unavailable.
ACI Terms
· Bridge Domain: A bridge domain is a container for subnets that can act as a broadcast or flooding domain. The bridge domain is not a VLAN, although it can act similar to a VLAN. The bridge domain references a VRF instance called Layer 3 Network. The subnets and gateways for the workloads are defined as part of the bridge domain. Whenever you create an EPG, you need to reference a bridge domain.
· Contract: EPGs can only communicate with other EPGs according to contract rules; without a contract, traffic between two EPGs is dropped. A contract uses labels, subjects, and filters to differentiate how communications occur among different EPGs, for example which EPGs may be reached over HTTP or HTTPS (filtered at Layer 4).
· End-Point Group (EPG): An EPG is a managed object that is a named logical entity that contains a collection of endpoints. Endpoint examples include servers, virtual machines, network-attached storage, or clients on the Internet. Endpoint connectivity in the virtual network is defined by carving the bridge domain into EPGs and associating these EPGs with either a virtual machine manager or a physical server (static binding).
· Application Network Profile: An application network profile is the end-to-end set of components that make up a business application. An application network profile is a collection of EPGs, contracts and connectivity policy. In other words, it is a collection of groups of workloads that together form what the administrator defines as the application.
The relationships among the various objects are as follows: the EPG points to a bridge domain, and the bridge domain points to a Layer 3 network (the VRF instance).
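To make those relationships concrete, here is an added Python model of the EPG / bridge domain / VRF / contract objects and the whitelist rule that EPGs only talk through contracts. This is my own illustration, not Cisco's code or the APIC API; the class names (Fabric, EPG, Filter) and the web/app/db profile are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

# Assumed toy model of the relationships the post describes (not Cisco's API):
# EPG -> bridge domain -> VRF; EPGs talk only via contracts whose filters name a port.

@dataclass(frozen=True)
class Filter:
    proto: str   # "tcp" / "udp"
    dport: int   # destination port the filter permits

@dataclass
class EPG:
    name: str
    bridge_domain: str
    provided: set = field(default_factory=set)   # contracts this EPG provides
    consumed: set = field(default_factory=set)   # contracts this EPG consumes

class Fabric:
    def __init__(self):
        self.vrf_of_bd = {}     # bridge domain -> VRF ("Layer 3 network")
        self.contracts = {}     # contract name -> set of Filter (its subject)
        self.epgs = {}          # EPG name -> EPG

    def add_epg(self, epg):
        if epg.bridge_domain not in self.vrf_of_bd:
            raise ValueError("an EPG must reference an existing bridge domain")
        self.epgs[epg.name] = epg

    def is_allowed(self, src, dst, proto, dport):
        # Whitelist: a flow from src to dst passes only if src consumes a contract
        # that dst provides and a filter matches (consumer -> provider direction only).
        s, d = self.epgs[src], self.epgs[dst]
        if src == dst:                       # intra-EPG traffic is allowed by default
            return True
        if self.vrf_of_bd[s.bridge_domain] != self.vrf_of_bd[d.bridge_domain]:
            return False                     # different VRFs: no route between them
        return any(Filter(proto, dport) in self.contracts[c]
                   for c in s.consumed & d.provided)

def build_demo():
    # Constructed three-tier application network profile: web -> app -> db.
    f = Fabric()
    f.vrf_of_bd = {"bd-front": "vrf-prod", "bd-back": "vrf-prod"}
    f.contracts["web-to-app"] = {Filter("tcp", 80), Filter("tcp", 443)}
    f.contracts["app-to-db"] = {Filter("tcp", 3306)}
    f.add_epg(EPG("web", "bd-front", consumed={"web-to-app"}))
    f.add_epg(EPG("app", "bd-back", provided={"web-to-app"}, consumed={"app-to-db"}))
    f.add_epg(EPG("db", "bd-back", provided={"app-to-db"}))
    return f
```

Running is_allowed over the constructed profile shows the whitelist behaviour: web reaches app only on the contracted ports, web never reaches db directly, and a flow with no matching contract is dropped.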
How to communicate with outside network with APIC
The outside network currently runs OSPF with Area 0 as the backbone area.
When the new APIC network infrastructure is built up and connected back to the current outside network, we propose a new OSPF area design. The APIC fabric infrastructure will run MP-BGP internally, and the border leaf switches will be the point of interconnection between the current datacentre network and the new APIC infrastructure network. The border leaf switches will perform mutual redistribution between OSPF and BGP, so that the current outside network can learn the APIC network prefixes as OSPF external (O E2) routes.